Swiss Political Party and Railways Targeted By Hackers

This week: Switzerland's largest political party and its federal railways are hit by data theft and DDoS attacks, and a Chinese hacker group is found to have been signing its malware with stolen code-signing certificates.

Breach

Swiss Political Party and Railways targeted by hackers

Switzerland's largest political party, the Swiss People's Party (SVP), has confirmed an attack in which nearly 50,000 emails, names and mailing lists were stolen from its online portal. Swiss Federal Railways (SBB) and several private Swiss companies were attacked as well, reporting DDoS attacks that paralyzed their IT and telephone systems. The hacker group NSHC claimed responsibility but insisted it is a 'grey hat' organization and that the attacks were meant to expose vulnerabilities rather than to cause harm. SVP Deputy General Secretary Silvia Bär said: "We are currently looking into what exactly happened and which data could have been affected." SBB acknowledged the attack and said that its online timetable services were slowed, but that critical online and rail systems had not been affected.

Malware

Chinese hacker group steals code-signing certificates

According to Symantec, the Chinese advanced persistent threat group 'Suckfly' has been using stolen Korean code-signing certificates to conceal its malicious activity for more than two years. Starting in early 2014, Suckfly used nine different certificates stolen from South Korean companies to sign its tools, including keyloggers, credential dumpers, port scanners and backdoors, so that they appeared to be legitimately signed software. Symantec did not become aware of the activity until late 2015, when one of its customers was attacked with a brute-force SMB (Server Message Block) scanner signed with one of the stolen certificates. Following the trail Suckfly left, Symantec traced the group back to three IP addresses in Chengdu, China.

Signed malware is becoming more common: as browsers, operating systems and security products increasingly block or warn on unsigned downloads, attackers have a stronger incentive to sign what they ship, and a stolen certificate lets them do so under a legitimate company's name. The caveat for defenders is that a valid signature proves only that whoever held the private key signed the file; it says nothing about whether that holder was the rightful owner. Symantec warns companies to guard their certificates so they are not tied to malicious activity, which in practice means keeping signing keys off general-purpose machines, restricting who can sign, and revoking a certificate as soon as compromise is suspected so that relying parties can reject what was signed with it.
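The practical lesson from the Suckfly case is that "signed" must not be read as "trusted". The following PowerShell function is an added example, not code from the Alert Logic post or from Symantec, that layers the checks a defender would actually want on top of plain signature validity: the signing certificate must chain to a trusted root and not be revoked, its thumbprint must not appear on a locally maintained blocklist of certificates known to have been stolen, and its subject must match the publisher expected for that file. The blocklist thumbprint, the `C:\Quarantine` path and the `CN=Contoso*` publisher pattern are placeholders assumed for illustration; nothing here refers to the real certificates involved in the Suckfly campaign.

```powershell
# Added example (not from the original post): treat a valid Authenticode
# signature as identification of the signer, not as proof of trust.
# All thumbprints, paths and publisher names below are assumed placeholders.

# Certificates known to have been stolen but perhaps not yet revoked by the CA.
$KnownStolenThumbprints = @(
    '0000000000000000000000000000000000000000'   # placeholder value, assumed
)

function Test-SignerTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [string[]] $ExpectedSubjectPattern = @(),          # e.g. 'CN=Contoso*'
        [string[]] $StolenThumbprints = $KnownStolenThumbprints
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result = [ordered]@{
        Path       = $Path
        Status     = $sig.Status
        Subject    = $null
        Thumbprint = $null
        Verdict    = 'REJECT'
        Reason     = $null
    }

    # Unsigned, tampered, or untrusted chain: reject before looking any further.
    if ($sig.Status -ne 'Valid') {
        $result.Reason = "signature status is $($sig.Status)"
        return [pscustomobject]$result
    }

    $cert = $sig.SignerCertificate
    $result.Subject    = $cert.Subject
    $result.Thumbprint = $cert.Thumbprint

    # 1. Rebuild the chain with online revocation checking. A stolen certificate
    #    that the CA has since revoked still yields Status = Valid from
    #    Get-AuthenticodeSignature, so revocation has to be checked explicitly.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chainOk = $chain.Build($cert)
    $revoked = $chain.ChainStatus | Where-Object { $_.Status -eq 'Revoked' }
    if ($revoked) {
        $result.Reason = 'signing certificate has been revoked'
        return [pscustomobject]$result
    }
    if (-not $chainOk) {
        $problems = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
        $result.Reason = "chain did not build: $problems"
        return [pscustomobject]$result
    }

    # 2. Local blocklist for certificates you know are stolen even if the CA
    #    has not revoked them yet.
    if ($StolenThumbprints -contains $cert.Thumbprint) {
        $result.Reason = 'signer thumbprint is on the stolen-certificate blocklist'
        return [pscustomobject]$result
    }

    # 3. Is the signer the publisher you expect for this file? A port scanner
    #    signed by an unrelated company is a red flag even if the chain is fine.
    if ($ExpectedSubjectPattern.Count -gt 0) {
        $match = $ExpectedSubjectPattern | Where-Object { $cert.Subject -like $_ }
        if (-not $match) {
            $result.Reason = "unexpected signer '$($cert.Subject)'"
            return [pscustomobject]$result
        }
    }

    $result.Verdict = 'ACCEPT'
    $result.Reason  = 'valid, unrevoked, not blocklisted, expected publisher'
    return [pscustomobject]$result
}

# Usage (assumed paths and publisher): review a drop folder and show only rejects.
Get-ChildItem -Path 'C:\Quarantine' -Include *.exe, *.dll -Recurse -File |
    ForEach-Object { Test-SignerTrust -Path $_.FullName -ExpectedSubjectPattern 'CN=Contoso*' } |
    Where-Object { $_.Verdict -eq 'REJECT' } |
    Format-Table Path, Status, Subject, Reason -AutoSize
```

Revocation is the check most often skipped: once a company discovers that its certificate was stolen, revoking it is the only way to make previously signed malware fail this test on every machine, which is why the advice to guard certificates goes hand in hand with being ready to revoke them quickly.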
